Commit: ea32a0380148b3261679eded2149ebac7e3a15ef Author: Sergey Sharybin Date: Mon Jul 11 17:58:42 2016 +0200 Branches: master https://developer.blender.org/rBea32a0380148b3261679eded2149ebac7e3a15ef
Fix T48824: Crash when having too many ray-to-volume intersections
Code might have writing past the array boundaries.
===================================================================
M intern/cycles/kernel/bvh/bvh_shadow_all.h
M intern/cycles/kernel/bvh/bvh_volume_all.h
M intern/cycles/kernel/bvh/qbvh_shadow_all.h
M intern/cycles/kernel/bvh/qbvh_volume_all.h
===================================================================
diff --git a/intern/cycles/kernel/bvh/bvh_shadow_all.h
b/intern/cycles/kernel/bvh/bvh_shadow_all.h
index 1d6fa30..1869457 100644
--- a/intern/cycles/kernel/bvh/bvh_shadow_all.h
+++ b/intern/cycles/kernel/bvh/bvh_shadow_all.h
@@ -254,6 +254,9 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals
*kg,
/* shadow ray early termination
*/
if(hit) {
+ /* Update number of
hits now, so we do proper check on max bounces. */
+ (*num_hits)++;
+
/* detect if this
surface has a shader with transparent shadows */
/* todo: optimize so
primitive visibility flag indicates if
@@ -284,14 +287,11 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals
*kg,
return true;
}
- /* move on to next
entry in intersections array */
- isect_array++;
- (*num_hits)++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
-
- isect_array->t =
isect_t;
+ /* Move on to next
entry in intersections array */
+ isect_array++;
}
prim_addr++;
diff --git a/intern/cycles/kernel/bvh/bvh_volume_all.h
b/intern/cycles/kernel/bvh/bvh_volume_all.h
index 7eddc28..b5405e8 100644
--- a/intern/cycles/kernel/bvh/bvh_volume_all.h
+++ b/intern/cycles/kernel/bvh/bvh_volume_all.h
@@ -201,13 +201,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals
*kg,
object,
prim_addr);
if(hit) {
- /* Move
on to next entry in intersections array. */
-
isect_array++;
+ /*
Update number of hits now, so we do proper check on max bounces. */
num_hits++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
-
isect_array->t = isect_t;
if(num_hits == max_hits) {
#if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -222,6 +220,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals
*kg,
#endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move
on to next entry in intersections array */
+
isect_array++;
+
isect_array->t = isect_t;
}
}
break;
@@ -246,13 +247,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals
*kg,
object,
prim_addr);
if(hit) {
- /* Move
on to next entry in intersections array. */
-
isect_array++;
+ /*
Update number of hits now, so we do proper check on max bounces. */
num_hits++;
# if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
# endif
-
isect_array->t = isect_t;
if(num_hits == max_hits) {
# if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -267,6 +266,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals
*kg,
# endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move
on to next entry in intersections array */
+
isect_array++;
+
isect_array->t = isect_t;
}
}
break;
diff --git a/intern/cycles/kernel/bvh/qbvh_shadow_all.h
b/intern/cycles/kernel/bvh/qbvh_shadow_all.h
index 3a728b3..34753ff 100644
--- a/intern/cycles/kernel/bvh/qbvh_shadow_all.h
+++ b/intern/cycles/kernel/bvh/qbvh_shadow_all.h
@@ -337,6 +337,9 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals
*kg,
/* Shadow ray early
termination. */
if(hit) {
+ /* Update number of
hits now, so we do proper check on max bounces. */
+ (*num_hits)++;
+
/* detect if this
surface has a shader with transparent shadows */
/* todo: optimize so
primitive visibility flag indicates if
@@ -367,13 +370,11 @@ ccl_device bool
BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
return true;
}
- /* move on to next
entry in intersections array */
- isect_array++;
- (*num_hits)++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
-
+ /* Move on to next
entry in intersections array */
+ isect_array++;
isect_array->t =
isect_t;
}
diff --git a/intern/cycles/kernel/bvh/qbvh_volume_all.h
b/intern/cycles/kernel/bvh/qbvh_volume_all.h
index 4d3028b..a877e5b 100644
--- a/intern/cycles/kernel/bvh/qbvh_volume_all.h
+++ b/intern/cycles/kernel/bvh/qbvh_volume_all.h
@@ -268,13 +268,11 @@ ccl_device uint
BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
/* Intersect
ray against primitive. */
hit =
triangle_intersect(kg, &isect_precalc, isect_array, P, visibility, object,
prim_addr);
if(hit) {
- /* Move
on to next entry in intersections array. */
-
isect_array++;
+ /*
Update number of hits now, so we do proper check on max bounces. */
num_hits++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
-
isect_array->t = isect_t;
if(num_hits == max_hits) {
#if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -289,6 +287,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals
*kg,
#endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move
on to next entry in intersections array */
+
isect_array++;
+
isect_array->t = isect_t;
}
}
break;
@@ -306,13 +307,11 @@ ccl_device uint
BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
/* Intersect
ray against primitive. */
hit =
motion_triangle_intersect(kg, isect_array, P, dir, ray->time, visibility,
object, prim_addr);
if(hit) {
- /* Move
on to next entry in intersections array. */
-
isect_array++;
+ /*
Update number of hits now, so we do proper check on max bounces. */
num_hits++;
# if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
# endif
-
isect_array->t = isect_t;
if(num_hits == max_hits) {
# if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -327,6 +326,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals
*kg,
# endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move
on to next entry in intersections array */
+
isect_array++;
+
isect_array->t = isect_t;
}
}
break;
_______________________________________________
Bf-blender-cvs mailing list
[email protected]
https://lists.blender.org/mailman/listinfo/bf-blender-cvs
